Improving Web Security for Web Developers

Duration: 2 Days

Objectives

The course introduces junior and middleweight web developers, as well as project managers, to the concepts of web security in order to minimise the risks posed by website security breaches to both organisations and the public. From an introduction to security breach issues, through to a review of security coding strategies and practical workshops, delegates will gain an extended knowledge to help them build web applications that are safer for the organisation, its clients and the public to use.

Pre-requisites

Knowledge of any or all of PHP, MySQL, HTML, JavaScript and CSS is useful, although not essential.

Course includes

Follow-up telephone support and, for training on Transmedia premises, lunch and refreshments.

Course outline

What is web security?

  • From a non-technical perspective, this section of the course will expose the delegates to the different issues surrounding web security, including identifying who may cause a security breach, the situations that may lead to a security breach and an identification of the methods that can be used to eliminate the majority of security breaches.

Delegates will learn how to identify:

  • Who poses a security risk
  • Different security breach levels of a web system
  • Potential consequences of security breaches
  • Types of web security solutions
  • How to strike a balance between security and functionality

Security Breach Targets and Techniques

  • During this section of the course, delegates will learn the 3 main areas in which a website can be attacked and the methods that a hacker can use to manipulate a website or web system into providing unauthorised access to, or alteration of, information. Delegates will learn about:

Target areas

  • Databases
  • Server scripts
  • Front-end

Techniques

  • SQL Injection
  • XSS (Cross Site Scripting)
  • E-mail Injection
  • FTP
  • Form Spoofing

Security Coding Strategies Workshop

  • In this section of the course, delegates will apply the previously identified security breach techniques while developing a real application, seeing how the system can be manipulated by those techniques and how security can be efficiently built into the code.

SQL Injection

  • Bypassing a user sign-in form without using a password
  • Finding information about a database structure by using SQL injection to cause errors that reveal information about table names and their fields
  • Methods and design patterns to eliminate SQL injection

E-mail Injection

  • Hijacking and sending an e-mail to multiple people from a contact form
  • Protecting against e-mail injection

XSS (Cross Site Scripting)

  • Stealing of passwords and session hijacking
  • Methods and code patterns to protect against cross-site scripting

Form Spoofing

  • Ordering a product from an e-commerce shop without making payment
  • Developing processing scripts that will only accept information sent from trusted IP addresses
  • Creating encrypted authentication keys based on a mixture of fixed and variable information such as a system password, user provided name and IP address

Multi-location Storage Strategy

  • Storing information across multiple server locations to minimise the effect of security breaches
  • Developing an API-based framework to allow a system to be stored across multiple servers and use multiple databases to obtain stored information

This course is available as a private or customised course. Contact us for further information and to customise this course to your exact requirements:

Phone us: 0208 269 4260

"Informative, useful, relaxed - Excellent! Will certainly use Transmedia again."

Tate & Lyle

"Excellent in all areas. The trainer was fantastic."

University of Glamorgan

"Probably the best course I have been on. Very thorough and entertaining."

Cancer Research UK

© Transmedia . 277 Greenwich High Road London SE10 8NB  UK . 0208 269 4260